WORLD INTELLECTUAL PROPERTY ORGANIZATION
International Bureau

PCT

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(51) International Patent Classification: G06F 12/14

(11) International Publication Number: WO 00/36515 A1

(43) International Publication Date: 22 June 2000 (22.06.00)

(21) International Application Number: PCT/US98/26377

(22) International Filing Date: 11 December 1998 (11.12.98)

(71) Applicant (for all designated States except US): RVT TECHNOLOGIES, INC. [US/US]; Suite 109, 4485 Highway 29, Lilburn, GA 30047 (US).

(72) Inventor; and

(75) Inventor/Applicant (for US only): MANN, Steven, D. [US/US]; 20 Hearthstone Drive, Stockbridge, GA 30281 (US).

(74) Agents: ROSENBERG, Sumner, C. et al.; Needle & Rosenberg, P.C., 127 Peachtree Street, NE, Atlanta, GA 30303 (US).

(81) Designated States: AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CU, CZ, DE, DK, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, UA, UG, US, UZ, VN, YU, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD, SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG).

Published

With international search report.

(54) Title: METHOD AND APPARATUS FOR ISOLATING A COMPUTER SYSTEM UPON DETECTION OF VIRUSES AND SIMILAR DATA


(57) Abstract 

An apparatus (10) for isolating a data receiving entity (30) from a data sending entity (20) includes a first data channel (22), coupled
to the data sending entity, and a second data channel (32), coupled to the data receiving entity. A processor (30) is programmed to compare
a plurality of data words received from the first data channel to at least one data word characteristic of a data virus and to assert a control
signal when a data word received from the first data channel corresponds to a data word characteristic of a data virus. An optical isolator
(14) is capable of isolating the first data channel from the second data channel when the processor detects a data virus. A controllable
power supply (54) is responsive to the control signal (42) from the processor and coupled to the optical isolator, which provides power to
the optical isolator only when the control signal from the processor is not asserted.

METHOD AND APPARATUS FOR ISOLATING A COMPUTER SYSTEM
UPON DETECTION OF VIRUSES AND SIMILAR DATA

BACKGROUND OF THE INVENTION

1. Field of the Invention:

This invention relates to computer systems. More particularly, this invention
relates to a method and apparatus for isolating a computer system upon detection of a
virus and similar data.

2. The Prior Art:

Recently, transmission of data viruses over the Internet has become a serious
concern for Internet users. To reduce the concern, several methods are used to isolate
computers from the Internet while the users are in local mode. However, when users of
such methods are in a connected mode, they become prey to any virus that they may
unwittingly download.

Computer virus scanners are common and can be used to detect a virus once it
is downloaded. However, such scanners cannot prevent the virus from being
downloaded. They can only aid in the identification of a virus once it has already
infected the user's computer.

Nowhere does the prior art disclose a method or apparatus for detecting a virus
as it is being received from a network and isolating the user's computer from the
Internet when an incoming virus is detected.

SUMMARY OF THE INVENTION

The above-noted disadvantages of the prior art are overcome by the present 
invention, which in one aspect is an apparatus for isolating a data receiving entity from 
a data sending entity. A first data channel is coupled to the data sending entity and a 
second data channel is coupled to the data receiving entity. A processor is 
operationally coupled to the first data channel and detects a data virus received from the 
first data channel. An isolation circuit that is responsive to the processor couples the 
first data channel to the second data channel when the processor does not detect a data 
virus and isolates the first data channel from the second data channel when the 
processor detects a data virus. 

In another aspect, the invention includes a first data channel coupled to the data 
sending entity and a second data channel coupled to the data receiving entity. A 
processor that is programmed to compare a plurality of data words received from the 
first data channel to at least one data word characteristic of a data virus asserts a control 
signal when a data word received from the first data channel corresponds to a data word 
characteristic of a data virus. A memory, that is operationally coupled to the processor, 
stores at least one data word characteristic of a data virus. The memory presents to the 
processor at least one data word characteristic of a data virus and an input buffer stores 
data received by the processor from the first data channel. An optical isolator, coupled 
to the first data channel and the second data channel and having an enable signal input, 
is capable of isolating the first data channel from the second data channel when the 
enable signal input is not asserted and is also capable of placing the first data channel
and the second data channel in optical communication with each other when the enable 
signal input is asserted. A controllable power supply that is responsive to the control 
signal from the processor is coupled to the enable signal input of the optical isolator. 
The power supply asserts the enable signal when the control signal is not asserted and 
does not assert the enable signal when the control signal is asserted, thereby causing the
optical isolator to isolate the first data channel from the second data channel. 

In yet another aspect, the invention is a method for isolating a data receiving
entity from a data sending entity. When a data virus received from the data sending
entity is detected, the data sending entity is isolated from the data receiving entity.

An advantage of the invention is that it prevents a data receiving entity, such as
a computer, from receiving a virus from a data sending entity, such as a computer
network.

A further advantage of the invention is that it isolates the data sending entity
from the data receiving entity without disrupting normal operation of either entity.

These and other advantages will become apparent from the following
description of the preferred embodiment taken in conjunction with the following
drawings, although variations and modifications may be effected without departing
from the spirit and scope of the novel concepts of the disclosure.

BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS 

FIG. 1 is a simplified schematic diagram of the invention.

FIG. 2 is a detailed schematic diagram of the invention.

DETAILED DESCRIPTION OF THE INVENTION 

A preferred embodiment of the invention is now described in detail. Referring
to the drawings, like numbers indicate like parts throughout the views. As used in the
description herein and throughout the claims that follow, "a," "an," and "the" includes
plural reference unless the context clearly dictates otherwise. Also, as used in the
description herein and throughout the claims that follow, the meaning of "in" includes
"in" and "on" unless the context clearly dictates otherwise.

As shown in FIG. 1, the apparatus 10 of the invention evaluates data received
from a data sending entity 20, such as the Internet, by a data receiving entity 30, such as
a personal computer or even a local area network. The data is received via a first data
channel 22 coupled to the data sending entity 20 and a second data channel 32 coupled
to the data receiving entity. A data comparator 40 is operationally coupled to the first
data channel 22 and is used to detect data viruses received from the first data channel
22. When a virus is detected, a data isolator 60, that is responsive to a control signal 42
from the data comparator 40, isolates the first data channel 22 from the second data
channel 32. Thus, viruses are detected and prevented from being received by the data
receiving entity 30.

As shown in FIG. 2, the apparatus 10 of one preferred embodiment of the
invention interfaces with a peripheral control interface (PCI) 12 of a data receiving
entity 30, such as a personal computer, to provide isolation from a data sending entity
20, such as the Internet. The data sending entity 20 is connected to an input interface
24, such as a standard PBX interface, via a first data channel 22. The data stream
received by the input interface 24 is demodulated using a demodulator circuit 26 so as
to conform to the data format of the data receiving entity 30.

The data stream is then fed into the data comparator 40. In the comparator
circuit 40, a UART chip 46 formats the incoming serial data into parallel data words
and a processor 44, such as a PCI host controller, using an asynchronous transfer mode
segmentation and reassembly, compares the parallel data with known virus signatures
stored in a memory 48, such as an EEPROM. The processor 44, which is controlled by
a control memory 50, buffers data from the UART chip 46 in a memory chip 52 as it
awaits virus scanning analysis.

After the processor 44 has analyzed an incoming word, it is then sent to the data
isolator 60 for eventual transfer to the data receiving entity 30. The data isolator 60
comprises an optical isolator 62 that is driven by a power enable signal 66 received
from a power supply conditioning ISO drive 64. The power supply conditioning ISO
drive 64 receives power from a power up control logic circuit 54 which receives power
from a power line 74 in the PCI bus 12.

If no virus is found, the data stream is transferred through the optical isolator 62
to a modulation level shifting circuit 68, which conditions the data for receipt by the data
receiving entity 30, and then to a modem interface 34. The modem interface 34 provides
protocol matching to the input interface 24 and sends the data to the data receiving
entity 30.

When a virus is detected in the incoming data stream, a control line 42 from the
processor 44 causes the power up control logic circuit 54 to cause the power supply
conditioning ISO drive 64 to cut off power to the optical isolator 62, thereby causing
the optical isolator 62 to prevent passage of data therethrough. A modem standby
circuit 36 then takes over and simulates protocol exchanges with the input interface 24,
thereby preventing an abnormal disconnect.
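
A software model of the detect-and-isolate path described above, added here as an illustration and not taken from the patent. It goes beyond the single-word comparison by allowing multi-word signatures; the signature values, the latched control signal, the hold-back window and all function names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MAXSIG 3 /* longest signature, in data words */
struct sig { size_t len; uint16_t w[MAXSIG]; };
/* Constructed values standing in for the signature memory 48. */
static const struct sig SIGS[] = { {1, {0xBEEF}}, {3, {0x4D5A, 0x9000, 0x0003}} };
#define NSIG (sizeof SIGS / sizeof SIGS[0])

struct gate {
    bool supply_ok;        /* power line 74 present and in range */
    bool control;          /* control signal 42; latching is an assumption */
    uint16_t held[MAXSIG]; /* input buffer 52: words not yet released */
    size_t nheld;          /* number of words currently held */
};

/* Enable signal 66: the isolator is powered only while control is clear. */
static bool enable_asserted(const struct gate *g) { return g->supply_ok && !g->control; }

/* True if some signature ends exactly at the newest held word. */
static bool tail_matches(const struct gate *g) {
    for (size_t i = 0; i < NSIG; i++) {
        size_t n = SIGS[i].len;
        if (n <= g->nheld &&
            memcmp(&g->held[g->nheld - n], SIGS[i].w, n * sizeof(uint16_t)) == 0)
            return true;
    }
    return false;
}

/* Feed one word; returns 1 and sets *out when a word crosses the isolator. */
int gate_feed(struct gate *g, uint16_t in, uint16_t *out) {
    if (!enable_asserted(g)) return 0;   /* unpowered: nothing passes */
    g->held[g->nheld++] = in;
    if (tail_matches(g)) { g->control = true; g->nheld = 0; return 0; }
    if (g->nheld < MAXSIG) return 0;     /* hold back MAXSIG-1 words */
    *out = g->held[0];
    g->nheld--;
    memmove(g->held, g->held + 1, g->nheld * sizeof(uint16_t));
    return 1;
}

size_t gate_run(struct gate *g, const uint16_t *in, size_t n, uint16_t *out) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++) k += (size_t)gate_feed(g, in[i], &out[k]);
    return k;
}

int main(void) {
    const uint16_t in[] = {1, 2, 0x4D5A, 0x9000, 0x0003, 4}; /* constructed stream */
    uint16_t out[6];
    struct gate g = { .supply_ok = true };
    return gate_run(&g, in, 6, out) == 2 && g.control ? 0 : 1; /* only 1 and 2 cross */
}
```

Holding back MAXSIG-1 words is what keeps the leading words of a multi-word signature from crossing the isolator before the match completes; the cost is that many words of added latency, and any words still held at detection are discarded with the signature.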

During power-up, the processor 40 runs the system through a self checking
routine. If any system abnormalities are detected, an interrupt line 70 is asserted. The
interrupt line 70 passes through an optical isolator 14 to ensure unidirectional data
transmission to the PCI bus 12.

The power up control logic circuit 54 also performs a self check: a battery
reference 56 is compared to the value on the incoming power line 74 from the PCI bus
12, and if the system is improperly powered, an interrupt line 72 is asserted. The
interrupt line 72 is also passed through an optical isolator 16 that ensures that the
interrupt line 72 is unidirectional to the PCI bus 12.

The above described embodiment is given as an illustrative example only. It
will be readily appreciated that many deviations may be made from the specific
embodiment disclosed in this specification without departing from the invention.
Accordingly, the scope of the invention is to be determined by the claims below rather
than being limited to the specifically described embodiment above.

CLAIMS



What is claimed is: 



1. An apparatus for isolating data receiving entity from a data sending entity,
comprising:

a. a first data channel, coupled to the data sending entity;

b. a second data channel, coupled to the data receiving entity;

c. means, operationally coupled to the first data channel, for detecting a
data virus received from the first data channel; and

d. means, responsive to the detecting means, for coupling the first data 
channel to the second data channel when the detecting means does not 
detect a data virus and for isolating the first data channel from the 
second data channel when the detecting means detects a data virus. 

2. An apparatus for isolating data receiving entity from a data sending entity, 
comprising: 

a. a first data channel, coupled to the data sending entity; 

b. a second data channel, coupled to the data receiving entity; 

c. means for comparing a plurality of data words received from the first
data channel to at least one data word characteristic of a data virus and
for asserting a control signal when a data word received from the first
data channel corresponds to a data word characteristic of a data virus;
and

d. means, coupled to the first data channel and the second data channel and
operationally coupled to the control signal, for isolating the first data
channel from the second data channel when the control signal is asserted
and for placing the first data channel and the second data channel in
optical communication when the control signal is not asserted.

3. The apparatus of Claim 2, wherein the comparing means comprises:

a. a processor; and 

b. means for presenting to the processor at least one data word 
characteristic of a data virus. 

4. The apparatus of Claim 3, wherein the processor comprises a PCI host 
controller. 

5. The apparatus of Claim 3, wherein the presenting means comprises a memory,
operationally coupled to the processor, that stores at least one data word
characteristic of a data virus.

6. The apparatus of Claim 3, further comprising an input buffer that stores data
received by the processor.

7. The apparatus of Claim 2, wherein data on the first data channel is transmitted
in a serial format and wherein the apparatus further comprises means for
converting segments of serial data received from the first data channel to data in
a parallel format.

8. The apparatus of Claim 2, wherein the isolating means comprises an optical
isolator.

9. The apparatus of Claim 8, further comprising a controllable power supply 
responsive to the control signal from the comparing means, the power supply 
generating an enable signal when the control signal is not asserted, wherein the 
optical isolator is powered by the enable signal so that when the optical isolator 
receives power from the enable signal, the first data channel and the second data 
channel are in optical communication with each other.

10. An apparatus for isolating data receiving entity from a data sending entity,
comprising: 

a. a first data channel, coupled to the data sending entity; 

b. a second data channel, coupled to the data receiving entity; 

c. a processor that is programmed to compare a plurality of data words 
received from the first data channel to at least one data word 
characteristic of a data virus and to assert a control signal when a data 
word received from the first data channel corresponds to a data word 
characteristic of a data virus; 

d. a memory, operationally coupled to the processor, that stores at least one 
data word characteristic of a data virus that presents to the processor at 
least one data word characteristic of a data virus; 

e. an input buffer that stores data received by the processor from the first
data channel;

f. an optical isolator, coupled to the first data channel and the second data 
channel and having an enable signal input, that is capable of isolating 
the first data channel from the second data channel when the enable 
signal input is not asserted and is capable of placing the first data 
channel and the second data channel in optical communication with each 
other when the enable signal input is asserted; and 

g. a controllable power supply responsive to the control signal from the 
processor and coupled to the enable signal input of the optical isolator, 
the power supply asserting the enable signal when the control signal is 
not asserted and the power supply not asserting the enable signal when 
the control signal is asserted, thereby causing the optical isolator to 
isolate the first data channel from the second data channel. 

11. The apparatus of Claim 10, wherein the processor comprises a PCI host
controller.

12. The apparatus of Claim 10, wherein data on the first data channel is transmitted
in a serial format and wherein the apparatus further comprises means for
converting segments of serial data received from the first data channel to data in 
a parallel format. 

13. A method for isolating data receiving entity from a data sending entity, 
comprising: 

a. detecting a data virus received from the data sending entity; and
b. isolating the data sending entity from the data receiving entity upon 
detecting a data virus received from the data sending entity. 

FIG. 1